Skip Navigation

[Resolved] types_render_field() with target "_blank" should add rel="noopener"

This support ticket is created 3 years, 3 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Kolkata (GMT+05:30)

This topic contains 3 replies, has 2 voices.

Last updated by Clifford 3 years, 3 months ago.

Assisted by: Minesh.

Author
Posts
#1884441

"Reverse Tabnabbing" should be fixed...

Anywhere target="_blank" is used, you should include rel="noopener" with it, for security.

I confirmed, on latest version of Toolset Types, that using

types_render_field( 'url', [ 'id' => 1234, 'target' => '_blank', 'title' => 'text' ] )

DOES include target="_blank" but does NOT also include rel="noopener"

You can reference hidden link for more details.

WordPress has a function for this: https://developer.wordpress.org/reference/functions/wp_targeted_link_rel/
Also see https://core.trac.wordpress.org/changeset/49215

#1885057

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

Thank you for reporting this and I confirm that we do not add the attribute rel="noopener".

I've escalated this to our next level support for further assessment. Please hold on for further updates.

#1885103

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

We filed a request for the same and you are welcome to mark resolve this ticket.

#1885361

Thanks for your attention to this.

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.